// SECURITY GUIDE · DNS

DNS Configuration

// WHAT IT IS

DNS (Domain Name System) maps your domain to servers. Beyond basic resolution, DNS records define who can send email on your behalf, which mail servers are legitimate, and how receiving servers should handle spoofed mail. Misconfigured DNS lets attackers send phishing emails that look like they came from your domain.

// WHAT WE CHECK

[INFO] A Record: Domain resolves to an IP. Basic reachability check.
[INFO] MX Records: Mail server records exist. Missing MX means no email received.
[HIGH] SPF Record: TXT record defining which servers can send email for your domain. Missing SPF = trivial email spoofing.
[HIGH] DMARC Record: Policy telling receivers what to do with failing SPF/DKIM mail. Without it, spoofed emails get delivered.
[MEDIUM] DKIM: Cryptographic signature on outgoing emails. Proves the email wasn't tampered with in transit.

// HOW TO FIX: ADD DNS RECORDS

Add these TXT records at your domain registrar (Cloudflare, Namecheap, etc.):

# SPF — if you don't send email from this domain:
Type: TXT  Name: @  Value: v=spf1 -all

# SPF — if you send via Google Workspace:
Type: TXT  Name: @  Value: v=spf1 include:_spf.google.com ~all

# DMARC — strict policy:
Type: TXT  Name: _dmarc  Value: v=DMARC1; p=reject

# DMARC — with reporting:
Type: TXT  Name: _dmarc  Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com
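
To check records like the ones above once they are published, this added example (not code from this guide or its scanner) audits TXT values for the SPF and DMARC problems listed under WHAT WE CHECK. The function names and finding messages are assumptions, and the inputs are constructed sample strings rather than live lookups.

```python
# Added example, not the scanner's own code. TXT values are passed in as plain
# strings (constructed samples), so the audit runs offline.

def parse_tags(record):
    """Split a DMARC 'k=v; k=v' record into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(root_txt):
    """Findings for the TXT records published at the domain root (@)."""
    spf = [r for r in root_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers treat this as a permanent error)"]
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy lives in the redirect target; audit that domain
        return ["SPF has no 'all' term, so unlisted senders evaluate as neutral"]
    if all_term in ("all", "+all", "?all"):
        return ["SPF ends in '%s', which does not restrict senders" % all_term]
    return []

def audit_dmarc(dmarc_txt):
    """Findings for the TXT records published at _dmarc."""
    recs = [r for r in dmarc_txt if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["no DMARC record"]
    if len(recs) > 1:
        return ["multiple DMARC records (receivers apply no policy)"]
    tags = parse_tags(recs[0])
    policy = tags.get("p", "").lower()
    findings = []
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC record has no valid p= tag")
    elif policy == "none":
        findings.append("DMARC p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= tag, so aggregate reports are not requested")
    return findings

if __name__ == "__main__":
    print(audit_spf(["v=spf1 include:_spf.google.com ~all"]))
    print(audit_dmarc(["v=DMARC1; p=reject"]))
```

An empty list means none of these problems were found; it does not confirm that the listed senders are correct or that DKIM is set up.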